Why age verification won’t cure what ails social networking sites

Age verification has been a hot topic lately as a way to protect children …

"Age verification" has been a hot topic as of late as a means for keeping children safe on the Internet. Here's how the argument works: if sites such as MySpace and virtual worlds like Second Life used age-verification methods, they could magically cut down on the number of children being exploited by sexual predators online. After all, if we could somehow figure out a way to keep kids and adults separate online, it would certainly take care of many of the concerns voiced by the parents of Internet-using children.

Once you look past the initial sales pitch on these types of solutions, however, the situation becomes much more complex. How effective is age verification at protecting children from online predators? Adam Thierer of the Technology Liberation Front held a panel discussion on that topic with regards to social networking sites, which brought up many of the holes that can be found in currently-proposed "solutions."

One of the major points made several times during the 90-minute panel discussion is that age verification is not a fictional concept and it generally works... in cases where adults need to be verified as adults. Buying cigarettes or alcohol or registering for an adult web site are instances when adults often have to provide some sort of proof that they are over a certain age in order to participate in an adults-only activity. And that proof isn't difficult to come by: a driver's license, a credit card, a Social Security number, or a combination of the above will do the trick.

It's when adults and kids play in the same space that things get sticky and the effectiveness of age verification seems to go out the window. Anyone can very easily verify that they are over 18, as ex-investigator and CEO of Sentinel Tech Holding Corporation John Carillo pointed out, even criminals and sexual predators. None of the age-verification measures proposed by Congress or parental groups involve doing lengthy (and costly) background checks, and so the mere fact that a certain subset of users is over 18 provides virtually no protection against online predators. Additionally, it's easy to fake one's age online by using someone else's credit card or personal information "To me, that says we're giving the pedophile, the felon, a level of credibility," Carillo said during the panel discussion. "We're putting some kind of seal next to their name, saying that they were verified on some level or something. That's just a scary concept to me."

On the flipside, there is no way to verify that a child online is, in fact, a child for the purposes of creating a child-only site or keeping adults and children separate. There is no publicly-accessible record on kids or their existence, Carillo pointed out, which means that it is significantly more difficult to verify the identity of a child. Requiring "parental permission" for children to be online doesn't quite work either, since it's just as easily faked as it is to fake being over 18. Carillo said that he used the real names of four of his adult NYPD colleagues to register as children on Imbee, a site that advertises itself as "the first secure social networking and blogging destination for kids." Imbee requires parental permission for registration by way of credit card entry, which Carillo filled in with random corporate cards from his current company. Five days later, "they sent me what I'm calling the pedophile passport. They sent me my identity 2.0 virtual credential to Chris Clark at my apartment," he told the panel.

Other issues brought up during the discussion were the fact that "verified" identities could easily be sold cheaply online and statistics from researchers at the University of New Hampshire pointing out that in 95 percent of the cases in which a child was assaulted by an adult that he or she met online, they were well aware that they were speaking to an adult. Not just that, but nearly 80 percent of the time, they were aware of the adult's intentions to have sex with them, and they voluntarily met up with said adult 83 percent of the time. Given these statistics, it seems as if age verification on social networking sites would do virtually nothing to stop minors from connecting with predators offline and merely provide a false sense of security for parents.

In response to the false sense of security, some panelists argued that "perfection should not be the enemy of the good." Doing something is better than doing nothing, right? Others disagreed, saying that doing nothing was preferable. "Nobody advocates leaving doors unlocked and not even trying [to protect your home], because, well, there would be a false sense of security," said Jeff Schmidt, CEO of authentication company Authis. "However, you need to make sure that your result is not worse than doing nothing in the first place. In this age verification, we have a unique scenario where you will have age-verified bad guys. Okay? It's not just that the system failed and 'worse' is status quo. I'm saying now with 100 percent certainty that we will have age-verified bad guys.

"My concern is that the false sense of security will actually result in more problems in a less safe environment," Schmidt said later during the discussion. "I believe that if we create something that we call a safe area, or a safer area, or whatever, people's inherently simplistic attitude to that will be 'Oh, okay. I've locked my kids off to the safe area.' Then the people will let their guard down. That's my concern."

It's clear from the discussion that currently-proposed methods of age verification are not only not perfect, but in fact are not effective. Without true identity verification (and reverification to ensure that the person who created the profile is still the person who is now logging into the profile) there will be no way to ensure that even a nominal dent will be made in the effort to help keep children safe from predators on the Internet.

Jacqui Cheng
Jacqui is an Editor at Large at Ars Technica, where she has spent the last eight years writing about Apple culture, gadgets, social networking, privacy, and more. Emailjacqui@arstechnica.com//Twitter@eJacqui